New worm tactic.

Discussion in 'Computer Security' started by Jim Watt, Jun 26, 2003.

  1. Jim Watt

    Jim Watt Guest

    I see someone has sent me a .zip file which contains a .pif file
    which undoubredly comtains something that is not going to do
    my PC any good were it executed.

    Checking on McAfee I find it is

    W32/Sobig.e@MM.

    "This variant is similar to W32/Sobig.d@MM. The worm propagates via
    email and over network shares. It contains its own SMTP engine for
    constructing outgoing messages.

    The virus is sent in a ZIP archive, allowing it to bypass extension
    blocking rules. However, this requires the end user to perform extra
    steps in order to actually execute the virus."

    But they wil, l and it also propagates via Network shares so beware !

    shit is about to happen.


    --
    Jim Watt http://www.gibnet.com
     
    Jim Watt, Jun 26, 2003
    #1
    1. Advertising

  2. Jim Watt

    Don Kelloway Guest

    "Jim Watt" <> wrote in message
    news:...
    > I see someone has sent me a .zip file which contains a .pif file
    > which undoubredly comtains something that is not going to do
    > my PC any good were it executed.
    >
    > Checking on McAfee I find it is
    >
    > W32/Sobig.e@MM.
    >
    > "This variant is similar to W32/Sobig.d@MM. The worm propagates via
    > email and over network shares. It contains its own SMTP engine for
    > constructing outgoing messages.
    >
    > The virus is sent in a ZIP archive, allowing it to bypass extension
    > blocking rules. However, this requires the end user to perform extra
    > steps in order to actually execute the virus."
    >
    > But they wil, l and it also propagates via Network shares so beware !
    >
    > shit is about to happen.
    >
    >
    > --
    > Jim Watt http://www.gibnet.com



    Fortunately there are mail filtering applications (e.g.. Elron Software
    Message Inspector and/or Anti-Virus) capable of examining and if necessary
    blocking such attachments. Even if the file's extension has been changed.


    --
    Best regards,
    Don Kelloway
    Commodon Communications

    Visit http://www.commodon.com to learn about the "Threats to Your Security
    on the Internet".
     
    Don Kelloway, Jun 26, 2003
    #2
    1. Advertising

  3. Jim Watt

    Jim Watt Guest

    On Thu, 26 Jun 2003 05:22:17 GMT, "Don Kelloway"
    <> wrote:

    >"Jim Watt" <> wrote in message
    >news:...
    >> I see someone has sent me a .zip file which contains a .pif file
    >> which undoubredly comtains something that is not going to do
    >> my PC any good were it executed.
    >>
    >> Checking on McAfee I find it is
    >>
    >> W32/Sobig.e@MM.
    >>
    >> "This variant is similar to W32/Sobig.d@MM. The worm propagates via
    >> email and over network shares. It contains its own SMTP engine for
    >> constructing outgoing messages.
    >>
    >> The virus is sent in a ZIP archive, allowing it to bypass extension
    >> blocking rules. However, this requires the end user to perform extra
    >> steps in order to actually execute the virus."
    >>
    >> But they wil, l and it also propagates via Network shares so beware !
    >>
    >> shit is about to happen.
    >>
    >>
    >> --
    >> Jim Watt http://www.gibnet.com

    >
    >
    >Fortunately there are mail filtering applications (e.g.. Elron Software
    >Message Inspector and/or Anti-Virus) capable of examining and if necessary
    >blocking such attachments. Even if the file's extension has been changed.


    Its not that the extension has been changed, its really a .zip file

    However, you are right, the best point of defense is at the mail
    server.
    --
    Jim Watt http://www.gibnet.com
     
    Jim Watt, Jun 26, 2003
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Jordan

    Interesting anti-piracy tactic...

    Jordan, Jun 9, 2005, in forum: DVD Video
    Replies:
    13
    Views:
    604
    Justin
    Jun 12, 2005
  2. Lord Shaolin
    Replies:
    6
    Views:
    2,598
    John Tate
    Aug 20, 2003
  3. code_wrong

    worm/spybot.17.t (worm spybot 17t) detected by AVG

    code_wrong, May 15, 2004, in forum: Computer Security
    Replies:
    0
    Views:
    702
    code_wrong
    May 15, 2004
  4. Imhotep
    Replies:
    4
    Views:
    650
    Edw. Peach
    Jan 30, 2006
  5. Danny

    Worm\Spybot (P2P-Worm.Win32.SpyBot.a)

    Danny, Aug 14, 2005, in forum: Computer Information
    Replies:
    0
    Views:
    522
    Danny
    Aug 14, 2005
Loading...

Share This Page